Obviously, though, this approach has an annoying flaw: I cannot synchronize changes easily across all git installations I use.

That got me thinking. What is the BEST approach to this problem? Usually other configuration system have a way to include files so that you can split them into bits and keep most of the shared configuration items the same in the main file and include the parts that are different from other files.

I could modify my workflow so that I have a main configuration that is shared for all installations and have another supplemental configs just for the specific machine I happen to be on.

Conditional Includes

Git supports a neat way of specifying an includeIf condition by selecting based on the location of the .git dir. And better yet, it also supports ** directory globbing.

This means that you can structure your workspace such that all of Company X's work are under a dir named company-x and then using a condition matching **/company-x/**/.git to match all git checkouts under that dir.

First, if you havn't already, you need to reorganize your repos based on where you work (or how you want to apply gitconfigs):

Different signing settings base on branch.

Aside from the gitdir: matching condition, you can also use onbranch: to setup branch-specific configs!

If you have specific branch system setup, for example master for production commits, you could set it up so that GPG signing is only done there and only require commits on that branch to have proper verification.